Aliases: Worm.Win32.Aler.a, Win32.HLLW.Golten, W32/Mofei-E, Worm:Win32/Golten.A, WORM_GOLTEN.A, Worm/Aler.A.5, W32/Aler.A, Worm/Aler.D, Win32.Mofei.E, W32/Aler.A.worm
Category: Computer Worm
Active & Spreading
Asia, North and South America, and some parts of Europe and Australia
11 Nov 2004
W32.Scard is a worm with backdoor capabilities. It uses a NetBIOS attack to propagate to computer systems with weak passwords.
More details about W32.Scard
When the W32.Scard worm is executed, it creates files such as “%System%\Alerter.exe”, “%System%\spc.exe”, “%System%\comwsock.dll”, “%System%\dmsock.dll”, “%System%\SCardSer.exe”, and “%System%\sptres.dll”. Note that %System% is a variable that refers to the system folder. By default, this is “C:\Winnt\System32” (Windows NT/2000), “C:\Windows\System32” (Windows XP), or “C:\Windows\System” (Windows 95/98/Me). The worm injects the file “sptres.dll” into the “Explorer.exe” process. It scans for computers with weak passwords and attempts a NetBIOS attack on them. Making use of those weak passwords, it also tries to copy itself to the remote computer as “ADMIN$\System32\Alerter.exe” and “ADMIN$\System32\Alerter16.exe”.
W32.Scard also creates a registry entry that lets the worm run automatically whenever the user restarts the computer. The program can by itself recreate, update and repair DLLs, files, processes and registry keys, which complicates any attempt to uninstall it. Security experts consider W32.Scard malware because of the undesirable effects it can have on the victim computer. The worm is installed without the user’s consent and carries an elevated risk that could lead to the opening of illegal network connections.
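A host triage check for the file names listed in the description above, added here as an example and not taken from the original page or from any vendor tool. The `ARTIFACTS` table, the function names and the two origin labels are assumptions of this example; a name match is a lead for further analysis, not a verdict.

```python
import os
from pathlib import Path

# File names taken from the description above, mapped to how the page says
# each one reaches disk. ADMIN$ is the share for the Windows directory, so
# the remote copies also end up in the target's System32 folder.
LOCAL, REMOTE = "created on execution", "copied via ADMIN$"
ARTIFACTS = {
    "alerter.exe": (LOCAL, REMOTE),
    "alerter16.exe": (REMOTE,),
    "spc.exe": (LOCAL,),
    "comwsock.dll": (LOCAL,),
    "dmsock.dll": (LOCAL,),
    "scardser.exe": (LOCAL,),
    "sptres.dll": (LOCAL,),
}

# Default %System% locations listed on the page.
DEFAULT_SYSTEM_DIRS = (r"C:\Winnt\System32", r"C:\Windows\System32", r"C:\Windows\System")


def candidate_dirs(env=None):
    """Folders to check: the live %SystemRoot% first, then the page's defaults."""
    env = os.environ if env is None else env
    dirs = []
    root = env.get("SystemRoot")
    if root:
        dirs += [os.path.join(root, "System32"), os.path.join(root, "System")]
    dirs += [d for d in DEFAULT_SYSTEM_DIRS if d.lower() not in {x.lower() for x in dirs}]
    return dirs


def find_artifacts(directories):
    """Return sorted (path, origins) pairs for files whose name matches, ignoring case."""
    hits = []
    for directory in directories:
        try:
            entries = list(Path(directory).iterdir())
        except OSError:  # missing folder or no permission: nothing to report
            continue
        for entry in entries:
            origins = ARTIFACTS.get(entry.name.lower())
            if origins and entry.is_file():
                hits.append((str(entry), origins))
    return sorted(hits)


if __name__ == "__main__":
    for path, origins in find_artifacts(candidate_dirs()):
        print(f"{path}: {', '.join(origins)}")
```

A hit on `Alerter16.exe` alone suggests the host received a copy over the network share rather than running the worm locally.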